
Circumventing the security challenges of OS X El Capitan

OS X El Capitan may be more resistant than ever to malicious software, but its arrival means new challenges lie ahead for some third-party developers.

SIP: Forcing developers to think different

OS X El Capitan 10.11 offers serious defense against malware on a number of fronts, most notably System Integrity Protection (SIP for short). SIP removes administrative overrides for processes running in the background and disables root access to /usr, /bin, /sbin, and /System, preventing ANY user or application (with the exception of Mac-native installer software) from writing to those locations or modifying files residing there.
In doing so, Apple has for the first time rejected a key Unix principle by limiting the access privileges of a “superuser” (better known as root). Traditionally, users with administrator privileges could install software and generally access any part of the root-level system they desired, while regular users had more limited access.
Although this approach has generally worked well since OS X debuted in 2001, there was always the potential threat of local or remote attacks from rogue Trojan horse software that gained access to root. With SIP in place, veteran Mac power users now consider the operating system to be “rootless.”
It should be noted that Apple has provided power users with a workaround to temporarily disable SIP, simply by booting into the Recovery partition and selecting Utilities > Security Configuration from the menu. Next, uncheck Enforce System Integrity Protection, click Apply Configuration, and restart for the change to take effect. However, it’s clear that SIP is the way forward, so developers and end users will need to adapt accordingly.

Disk Utility vs. Third-Party Drivers

The El Capitan version of Disk Utility has also been through major changes, both cosmetically and under the hood. Once they get used to the glossy new user interface, veteran users might notice that Apple has entirely removed the option to repair disk permissions. That’s because Apple no longer allows permissions to change in any way, with the exception of an automatic repair run during software updates.

But that’s not all: Disk Utility no longer manages disks mounted by third-party drivers, at least not through the program’s graphical user interface. The reasons for the change don’t make a whole lot of sense to outsiders, especially when disks mounted by non-native drivers can still be mounted, formatted, or repaired by using the command-line diskutil.

Making OS X more like mobile

An additional security improvement removes the possibility of using unsigned kernel extensions (kexts) which modify the core of OS X. Starting with El Capitan, developers must sign kexts with a valid Apple certificate in order for them to continue working. This means perfectly good drivers for discontinued products or expensive hardware could suddenly become unusable after upgrading to the new OS — with no easy or reliable downgrade available!

By adopting such changes, Apple aims to make OS X a more user-friendly and secure platform similar to iOS, which powers the company’s popular iPhone, iPad, and iPod touch products. Although this move will surely benefit average users and protect them from the ever-increasing threat of malicious software, the additional layers of security temporarily complicate matters for advanced power users and Mac developers whose livelihood depends upon OS X.

The challenge for developers

If you already purchase most of your software from the Mac App Store, chances are you’ll never notice (or care) about the under-the-hood changes Apple has implemented with OS X El Capitan. But there are plenty of third-party developers who will be affected, especially those who offer software outside of Apple’s walled garden ecosystem.

The makers of popular utility software like Default Folder X have already discovered solutions to work around El Capitan’s new challenges, though implementing them required a complete overhaul of the existing application. Paragon Software faced a similar challenge with NTFS for Mac, which adds the ability to write to Windows-formatted volumes, something that can’t natively be done with OS X alone.

Like the products of many other developers, Paragon products have traditionally stored application components in the very places El Capitan no longer permits. For example, the NTFS for Mac driver would be installed in /System/Library/Filesystems, while auxiliary command-line utilities were located in /usr/sbin.

Because of SIP, NTFS for Mac 14 and higher now place this driver in /Library/Filesystems, relocating associated utilities to /usr/local/sbin/, where root still has full privileges. It’s not only a reasonable alternative, but also remains proper Unix etiquette. Likewise, the NTFS for Mac 14 driver is properly signed as a kernel extension, making it a required update for owners of earlier versions prior to upgrading to El Capitan.
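
For anyone checking where an installer's files will land, the following added example (not code from Paragon, Apple, or this article) classifies install paths against the protected prefixes named above and suggests a relocation modeled on the two moves just described. The function names, the sample file names, and the relocation mapping beyond those two cases are assumptions.

```sh
#!/bin/sh
# Added example: classify install paths against the SIP-protected prefixes
# named in the article (/usr, /bin, /sbin, /System); /usr/local stays writable.
# normalize PATH: collapse repeated slashes and drop one trailing slash.
normalize() {
    printf '%s\n' "$1" | sed -e 's#//*#/#g' -e 's#\(.\)/$#\1#'
}

# sip_status PATH -> prints protected | writable | review
sip_status() {
    p=$(normalize "$1")
    case "$p" in
        /*) ;;                               # absolute path: keep going
        *) echo review; return ;;            # relative: depends on the cwd
    esac
    case "$p/" in
        */../*|*/./*) echo review; return ;; # dot segments can leave a prefix
    esac
    case "$p" in
        /usr/local|/usr/local/*) echo writable ;;
        /usr|/usr/*|/bin|/bin/*|/sbin|/sbin/*|/System|/System/*) echo protected ;;
        *) echo writable ;;
    esac
}

# suggest_relocation PATH -> assumed equivalent outside the protected prefixes
suggest_relocation() {
    p=$(normalize "$1")
    case "$p" in
        /System/Library/*) echo "/Library/${p#/System/Library/}" ;;
        /usr/local/*)      echo "$p" ;;
        /usr/*)            echo "/usr/local/${p#/usr/}" ;;
        /bin/*|/sbin/*)    echo "/usr/local$p" ;;
        *)                 echo "$p" ;;
    esac
}

# audit: one path per line on stdin -> status, path, suggestion if protected
audit() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        s=$(sip_status "$path")
        [ "$s" = protected ] && path="$path -> $(suggest_relocation "$path")"
        printf '%s\t%s\n' "$s" "$path"
    done
}

# Constructed sample manifest; the file names are hypothetical.
printf '%s\n' /System/Library/Filesystems/example.fs /usr/sbin/example_tool \
    /usr/local/sbin/example_tool /usr/local/../sbin/example_tool | audit
```

Paths marked review contain dot segments or are relative, so their real target has to be resolved before they can be trusted as writable.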

Meet the new NTFS for Mac 14

In addition to the under-the-hood changes outlined above, the familiar NTFS for Mac preferences pane has been overhauled with version 14. Since Disk Utility can no longer be used to work with Windows-formatted volumes, NTFS for Mac 14 now includes built-in format, verify, and mount functionality.

In addition to Windows NTFS, other file systems supported by OS X can also be used with this preference pane. For example, if Paragon’s ExtFS for Mac driver is already installed on the same system, NTFS for Mac will also be able to format, verify, or mount Linux-native Ext2/3/4 disks.

[Screenshot: NTFS for Mac 14 as it looks when launched]

[Screenshot: the new way to format volumes as NTFS]

[Screenshot: NTFS for Mac 14 verifying a volume for possible file system errors]

For those comfortable with Terminal, the same actions can also be performed with Paragon’s command-line utilities. Advanced users familiar with Unix will have access to additional options through this interface:

fsck_ufsd_NTFS finds and repairs errors on NTFS disks.

fsck_ufsd_NTFS formats a volume to NTFS.

mount_ufsd_NTFS mounts or unmounts NTFS disks.

Finally, support of the Windows NT file system is automatically added to the command-line diskutil during installation of the NTFS for Mac driver.